Penetration testing explained
In the 50s, fleets of aircraft were in use all over the world, but they faced a dangerous problem: running into birds in midair. This led to technical advances in building new windshields and new engines, but engineers needed to ensure that their designs would satisfy their requirements. So how do you make sure your windshield stands up to a bird hitting it? You hit it with a bird!
This is how the “chicken gun” was born: a compressed-air cannon that would fire a dead chicken into a target. Over the following decades, several aircraft manufacturers developed these tools as a way to test the resilience of their safety measures.
Penetration tests are the chicken guns of the IT and information security field.
Think about how much effort you put into defending your organization and computing environments from attacks. You stack up security software on your endpoints, place box after box in a pile between your users and the Internet, write pages of policy—but are you actually sure those defenses and controls will stop the threats about which you are concerned, beyond what they promise on paper?
Penetration testing is ultimately the only way to make sure.
The bottom line is, if you want to know if your organization’s security strategy will truly stop your threats, a penetration test is essential. As the great philosopher Mike Tyson reminds us, “Everyone has a plan until they get punched in the mouth.”
It sounds like a straightforward idea, so why isn’t everyone doing penetration tests?
There’s a fear aspect, with leadership and technical folks uneasy with the idea of someone using attacker tools on them. To this we say: Attackers are out there! They’ll use their tools on you, whether you’re comfortable or not. Why not let some friendly faces do it first and tell you how to fix what they found?
There are also budgetary challenges, as it can seem extravagant to spend money on an assessment like this. Again, we would say that you’re going to incur cost if your defenses fail to stop an attacker, and that cost may be much more substantial than the cost of the test. The cost of lost business, fines, ransom payments, legal fees, brand impact, and the like can stack up pretty quickly.
If you’d like to learn more about penetration tests, and specifically what a test designed for your business and environment would look like, we’d be happy to dream up one with you. We’ll leave the chickens at home!